Cloud Storage Forensics

  1. 208 pages
  2. English

About this book

To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. Digital forensic investigation in the cloud computing environment, however, is in its infancy due to the comparatively recent prevalence of cloud computing. Cloud Storage Forensics presents the first evidence-based cloud forensic framework. Using three popular cloud storage services and one private cloud storage service as case studies, the authors show you how their framework can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud. By determining the data remnants on client devices, you gain a better understanding of the types of terrestrial artifacts that are likely to remain at the Identification stage of an investigation. Once it is determined that a cloud storage service account has potential evidence of relevance to an investigation, you can communicate this to legal liaison points within service providers to enable them to respond and secure evidence in a timely manner.

• Learn to use the methodology and tools from the first evidence-based cloud forensic framework
• Case studies provide detailed tools for analysis of cloud storage devices using popular cloud storage services
• Includes coverage of the legal implications of cloud storage forensic investigations
• Discussion of the future evolution of cloud storage and its impact on digital forensics

Cloud Storage Forensics by Darren Quick, Ben Martini, and Raymond Choo. Subject area: Computer Science & Cyber Security.

Information

Chapter 1

Introduction

Cloud computing is a relatively recent term to describe computer resources available as a service accessible over a network, such as internally to a corporation or externally available over the Internet; and cloud storage is the storage of electronic data on remote infrastructure, rather than local storage which is attached to a computer or electronic device. Cloud storage services are increasingly used by government, businesses, and consumers to store vast amounts of information. Cloud storage services (like other networked cyber infrastructure) are subject to exploitation by criminals, who may be able to use cloud computing services for criminal purposes, thus adding to the challenge of growing volumes of digital evidence in cases under investigation as briefly explained in this chapter. This chapter also introduces and presents the overall structure of the book, as well as the main contributions of the book to the study of cloud (storage) forensics.

Keywords

Computer forensics; cloud forensics; cloud storage; cloud storage forensics; digital forensics; forensic analysis; forensic computing; forensic framework; legislative responses; law enforcement responses; Storage as a Service (StaaS)

Information in this chapter

• Introduction to cloud computing
• Cybercrime and cloud computing

Introduction

It is not clear when the term cloud computing was first coined. For example, Bartholomew (2009), Bogatin (2006), and several others suggested that “cloud computing” terminology was, perhaps, first coined by Google™ Chief Executive Eric Schmidt in 2006. Kaufman (2009) suggests that cloud computing terminology “originates from the telecommunications world of the 1990s, when providers began using virtual private network (VPN) services for data communication.” Desisto, Plummer, and Smith (2008) state that “[t]he first SaaS [Software as a Service] offerings were delivered in the late 1990s…[a]lthough these offerings weren’t called cloud computing.” In this paper, we adopt the definition introduced by the National Institute of Standards and Technology (NIST): “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” (Mell & Grance, 2011).
In recent years, there has been a marked increase in the adoption of cloud computing. Gartner’s 2011 Hype Cycle for Cloud Computing report, for example, referred to cloud computing as the “most hyped concept in IT” (Smith, 2011: 3). “Cloud computing” has been a trending search on Google since 2009 with continued interest (Google, 2013). Another Gartner report suggested that cloud computing could be a US$149 billion market by 2014 and by 2016 could have 100% penetration in Forbes list of the Global 2000 companies (McGee, 2011). It can be reasonably assumed that many of those top 2000 companies will provide some level of online access via cloud computing to both their internal users and their customers.
The availability of cloud storage services is becoming a popular option for consumers to store data that is accessible via a range of devices, such as personal computers, tablets, and mobile phones. There is a range of cloud storage hosting providers, and many offer free cloud storage services, such as Dropbox™, Microsoft® SkyDrive®, and Google Drive™. Due to the large number of these services available, many commentators have used the phrase Storage as a Service (StaaS) to describe this type of service (Kovar, 2009; Meky & Ali, 2011; Waters, 2011; Wipperfeld, 2009). This is an addition to the traditional cloud computing architectures documented by Mell and Grance (2011) of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Consumers have adopted the cloud storage paradigm in huge numbers, with Gartner forecasting massive growth in the area and stating that users will be storing a third of their data in the cloud by 2016 (Gartner, 2012). However, many enterprises have remained cautious in moving their data into the public cloud storage environment due to issues such as data sovereignty and security, and complying with regulatory obligations. For example, enterprises that fail to comply with data protection legislation may face administrative, civil, and criminal sanctions.
A number of open and closed source cloud software products have been developed and/or are in development to address the needs of the enterprises and even individuals who want to leverage the features of cloud computing while continuing to store data on-site or otherwise under the control of the data custodian. Storing data on-site and/or having the data centers physically in the jurisdiction are increasingly seen as ways to reduce some of the location risks that cloud (storage) service clients currently face. For example, it was suggested at one of the hearings of the Australian Government Parliamentary Joint Committee on Intelligence and Security that “the default position should be that governments, agencies and departments ought to keep their information onshore but use cloud for providers, because there are great cost savings to government by using cloud, using digital storage and accessing the digital economy, being a model user of things like the NBN, data cente[r]s and cloud computing. We think there is a real leadership role for government, but it needs to be done within something of a risk minimi[z]ation strategy, which means that you keep the data onshore and you do not look to send it offshore to a jurisdiction that you do not know about” (Australian Government Parliamentary Joint Committee on Intelligence and Security, 2012: 16). More recently in 2013, the Australian Government has also released the National Cloud Computing Strategy (Australian Government Department of Broadband, 2013) and the policy and risk management guidelines for the storage and processing of Australian Government information in outsourced or offshore information and communications technologies (ICTs) arrangements (Australian Government Attorney-General’s Department, 2013).

Cybercrime and the cloud

ICTs, such as personal computers, laptops, smartphones and tablets, are fundamental to modern society and open the door to increased productivity, faster communication capabilities, and immeasurable convenience. However, they also change the way criminals conduct their activities, and vulnerabilities in ICT infrastructure are fertile grounds for criminal exploitation. Few today would challenge the assertion that the era of globalization has been accompanied by an increase in the sophistication and volume of malicious cyber activities. Cyberspace can be used as an extension to facilitate and enhance traditional forms of crime as well as to create new forms of crime. In this chapter, the use of ICT as a tool for the commission of a crime or as the object of a crime (Choo, Smith, & McCusker, 2007) will be referred to as “cybercrime” for the purposes of linguistic simplicity. The term is, for example, referred to in Australia’s Cybercrime Act 2001 (Cth) as well as the Council of Europe Convention on Cybercrime with different meanings. Commonly, it is understood by reference to the types of conduct to which it applies; these include offences under Part 10.7 of the Criminal Code Act 1995 (Cth) and conduct such as online fraud, cyber-bullying and using the Internet to view or store child exploitation material or for the purposes of child grooming.
While the advent of ICT has allowed for the emergence of new types of criminal behavior such as the use of malware (malicious software such as Trojan horses, viruses, and worms), there is a growing consensus that existing laws in relation to areas such as theft, forgery, and malicious damage to property are generally capable of suitable modification so as to adequately handle many of the situations envisaged by more specific laws directly targeting such behavior (Brenner, 2001). Indeed, it is possible to argue that cybercrime is best thought of as “the exploitation of a new technology to commit an old crime in new ways and…to engage in a limited variety of new types of criminal activity” (Brenner, 2001: np).
Nevertheless, there is no doubt that the use of malware for the facilitation of crimes such as Internet banking and credit card fraud, identity theft, and money laundering has increased markedly in recent years (Choo, 2011; FireEye, 2013; Tendulkar, 2013). The same is true of the use of the Internet by pedophiles in connection with online child exploitation activities such as online child grooming and dissemination of child abuse and exploitative material (Choo, 2009a, b).
A 2012 report by the Australian Crime Commission found that in the last five years, Australians have lost over AUD 113 million to serious organized crime investment fraud. That is, the use of deceptive mechanisms including cold calling, fake web sites, and false recovery services (“phishing”) to convince individuals to part with their money or personal information on bogus investment opportunities (ACC, 2012). Furthermore, in 2011, a report prepared by Norton-Symantec (2011) showed that cybercrime cost the Australian economy just over US$4.5 billion in 2010. US$1.8 billion of this sum was directly or indirectly misappropriated while the remaining sum was accounted for by resultant increases in productivity costs associated with fixing the problems raised by cybercrime (Caldwell, 2011). The same report identified a cost of US$32 billion to the US economy and US$25 billion in direct losses to China. It showed that 69% of surveyed adults who used online services have been victims of cybercrime (Norton-Symantec, 2011).
The vast majority of reports on patterns and trends in cybercrime disseminated (and in turn cited) are from the commercial sector and do not include details such as the research methodology or provide access to the raw data (see Gray, 2011). Guinchard (2011: 75–78) explained that the “diversity of methods used to collect information on cyber incidents can produce widely different results … [and] this facilitates extrapolations about the scale of the problem and the cost of cyber crimes.” For example, there have been assertions that cybercrime has “[s]urpassed Illegal Drug Trafficking as a Criminal Moneymaker” (Symantec, 2009) and a more recent report by Detica (2012: 2) commissioned by the UK cabinet office estimated “the cost of cyber crime to the UK to be £27 billion per annum.” However, such figures have been criticized in both the media (see Gray, 2011) and by academics (see Anderson et al., 2012; Florencio & Herley, 2011). The currency of cybercrime as a term among members of the community means that it may be imprecisely applied to a wide range of criminal behavior with the consequence that the scope of the problem is apt for overstatement; although this is not to suggest that the problem is not widespread.
Despite the size and gravity of the problem, however, individuals to a certain extent, and businesses in most cases, do not report many instances of cybercrime when they are affected. In 2009, on average only 8% of Australian businesses (surveyed in the Australian Business Assessment of Computer User Security—see Richards, 2009) that had been the victim of cybercrime reported it to the police. In many cases, this was because the crime was not considered serious enough (Richards, 2009).
Cloud computing (like other networked cyber infrastructure) is subject to attacks by cyber criminals, who may be able to hijack and use resources for criminal purposes, thus adding to the challenge of growing volumes of digital evidence in cases under investigation. Cloud computing services can also be used as a launching pad for new attacks, or to store and distribute criminal data (e.g., child abuse materials and terrorism-related materials) by cyber criminals, organized crime groups, and politically motivated actors to avoid the scrutiny of law enforcement and national security agencies (Choo, 2010).
Use of cloud computing by criminals (or their victims) means that data of interest may be virtualized, geographically distributed, and ephemeral, presenting technical and jurisdictional challenges for identification and seizure by law enforcement and national security agencies. These issues can impede digital forensic investigators and potentially prevent law enforcement and national security agencies from acquiring digital evidence and forensically analyzing digital content in a timely fashion.

Challenges faced by law enforcement and government agencies

Security and privacy issues associated with cloud services are generally better documented and understood than digital forensic issues. By physically displacing the storage from the user, cloud storage solutions introduce numerous challenges for digital forensic and eDiscovery practit...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Acknowledgments
  7. About the Authors
  8. Forewords
  9. Chapter 1. Introduction
  10. Chapter 2. Cloud Storage Forensic Framework
  11. Chapter 3. Microsoft SkyDrive Cloud Storage Forensic Analysis
  12. Chapter 4. Dropbox Analysis: Data Remnants on User Machines
  13. Chapter 5. Google Drive: Forensic Analysis of Cloud Storage Data Remnants
  14. Chapter 6. Open Source Cloud Storage Forensics: ownCloud as a Case Study
  15. Chapter 7. Forensic Collection of Cloud Storage Data: Does the Act of Collection Result in Changes to the Data or its Metadata?
  16. Chapter 8. Conclusion and Future Work
  17. Glossary
  18. Index